Manalyze report for 9019e33f6c223b99d7cdc626a46ee73d

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2006-Sep-21 13:33:38

Plugin Output

Info	Matching compiler(s):	`MASM/TASM - sig2(h)`
Suspicious	PEiD Signature:	`dUP 2.x Patcher --> www.diablo2oo2.cjb.net` `dUP 2.x Patcher -> www.diablo2oo2.cjb.net`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains references to system / monitoring tools: regedit.exe` `Contains domain names: diablo2oo2.cjb.net http://diablo2oo2.cjb.net http://www.trancite.com http://www.trancite.com/ trancite.com www.trancite.com`
Suspicious	The PE is possibly packed.	`Section .text is both writable and executable.`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA` `Can access the registry: RegCreateKeyExA RegQueryValueExA RegOpenKeyA RegCloseKey` `Possibly launches other programs: WinExec ShellExecuteA`
Malicious	VirusTotal score: 36/69 (Scanned on 2021-07-27 00:06:13)	`MicroWorld-eScan: Trojan.Generic.19635503` `FireEye: Generic.mg.9019e33f6c223b99` `CAT-QuickHeal: HackTool.Patcher.A` `ALYac: Trojan.Generic.19635503` `Cylance: Unsafe` `Sangfor: Trojan.Win32.Heuristic.rg` `K7AntiVirus: Riskware ( 0040eff71 )` `Alibaba: HackTool:Win32/Patcher.e5fb4f9a` `K7GW: Riskware ( 0040eff71 )` `Cybereason: malicious.f6c223` `Arcabit: Trojan.Generic.D12B9D2F` `Symantec: Trojan.Gen.2` `ESET-NOD32: Win32/HackTool.Patcher.A potentially unsafe` `APEX: Malicious` `Paloalto: generic.ml` `BitDefender: Trojan.Generic.19635503` `SUPERAntiSpyware: Hack.Tool/Gen-Patcher` `Rising: Trojan.Generic@ML.100 (RDML:Ep2VCOTuBiX3JdthpIjqHw)` `Ad-Aware: Trojan.Generic.19635503` `Sophos: MassDown (PUA)` `Comodo: TrojWare.Win32.Patcher.~B@fptr` `VIPRE: HackTool.Win32.Keygen` `McAfee-GW-Edition: BehavesLike.Win32.BadFile.qt` `Emsisoft: Trojan.Generic.19635503 (B)` `SentinelOne: Static AI - Malicious PE` `Webroot: W32.Hacktool.Gen` `MAX: malware (ai score=85)` `Microsoft: HackTool:Win32/Keygen` `GData: Win32.Trojan.PSE.N7LEZ1` `Cynet: Malicious (score: 100)` `McAfee: Artemis!9019E33F6C22` `Malwarebytes: HackTool.FilePatcher` `Yandex: Trojan.GenAsa!fOK2YxVS0uM` `Ikarus: Generic.Win32.Virtools-Hacktools` `Fortinet: Riskware/Patcher` `BitDefenderTheta: Gen:NN.ZexaF.34050.dqW@a0VTFhl`

Hashes

MD5	`9019e33f6c223b99d7cdc626a46ee73d`
SHA1	`2ef347618182d58a682937abe1e97d9c07e92c2f`
SHA256	`3e79502d5a2cb6d7952dcfe9ba4d2bea1f01d23df5c35b12dcc4e1adcbe7611d`
SHA3	`bd940ede0a6c467bb5afd2b0df1c171481fd296b5e51c1cc34a04659a7fb35b3`
SSDeep	`768:a3SgVvzyWnnKNsN5HmUMwpvmB15bHenzhIgAcO/9:aigFzy8Q4z95O/9`
Imports Hash	`1eae0d37eb5a00a753e7a55351af7932`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xb8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`4`
TimeDateStamp	2006-Sep-21 13:33:38
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`5.0`
SizeOfCode	`0x2200`
SizeOfInitializedData	`0xb400`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000021A0 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x4000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x11000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`fb638b975dddd01e6d8967aa6a7175fc`
SHA1	`56fe710803b060a63d7fd03e552d9460c4ea8596`
SHA256	`70b486101d866294cf6fe20a7890e742e775ca3051653b793dba67596d25ed0a`
SHA3	`76e9f9b5019e531753d944e88e2a00f81e409f036faf764276d82117bfd35c84`
VirtualSize	`0x2050`
VirtualAddress	`0x1000`
SizeOfRawData	`0x2200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.87905`

.rdata

MD5	`ee833afb40886ea4eef6c1023954330a`
SHA1	`85a152395e1f89868153fea45776f413b6a1c7e9`
SHA256	`655206b962e77d6e8da6d0f8c875c2345e630f10ad5dc3090975c459bffbd3b7`
SHA3	`12d0d14f1b28726bc436ee20dc78b35db720c6415ad4cd53b4ba5890b08ae0f9`
VirtualSize	`0x97c`
VirtualAddress	`0x4000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x2600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.83861`

.data

MD5	`c34eeac40e718d8a75bf644a4a7b5105`
SHA1	`c4f9a84a55da29660eb1f961d74df11d152e2fa5`
SHA256	`13a4497f998d3345dc1d8f1daab3e3be348ce6cdece9ad25b59319e0069361ed`
SHA3	`affe100299542def8f2d20606796579c95ab9c369f88ece7050f3af9a8058d19`
VirtualSize	`0xe3c`
VirtualAddress	`0x5000`
SizeOfRawData	`0x600`
PointerToRawData	`0x3000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.67493`

.rsrc

MD5	`43bdfc0be326006f9a293647c9a3cf8f`
SHA1	`6a396e43f7a79e86958356ab86ef260e206b7b74`
SHA256	`c4368fb3facf6dd3ad255c82829e866eb80bea98511d254b565d2e07d1e4b272`
SHA3	`a0c600bc04d14c64e43f7864bcd7d85835a0a824e5dbb950bf8b57a35b6de294`
VirtualSize	`0xa2c8`
VirtualAddress	`0x6000`
SizeOfRawData	`0xa400`
PointerToRawData	`0x3600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.56497`

Imports

user32.dll	`SetWindowRgn` `SetWindowLongA` `SetFocus` `SetWindowTextA` `ShowWindow` `SetDlgItemTextA` `SetClassLongA` `SetCapture` `SendMessageA` `ReleaseCapture` `RedrawWindow` `PtInRect` `OffsetRect` `MessageBoxA` `LoadIconA` `LoadCursorA` `IsDlgButtonChecked` `InvalidateRect` `GetWindowRect` `GetWindowLongA` `GetParent` `GetDlgItemTextA` `GetDlgItem` `GetDlgCtrlID` `GetCursorPos` `GetCapture` `GetActiveWindow` `EndDialog` `DrawTextA` `DialogBoxParamA` `CheckDlgButton` `CallWindowProcA`
kernel32.dll	`RtlZeroMemory` `CompareStringA` `GetModuleFileNameA` `SetCurrentDirectoryA` `CreateDirectoryA` `FlushFileBuffers` `WriteFile` `lstrlenA` `lstrcpyA` `lstrcmpiA` `lstrcatA` `WinExec` `CloseHandle` `CopyFileA` `CreateFileA` `CreateFileMappingA` `DeleteFileA` `ExitProcess` `ExpandEnvironmentStringsA` `FindResourceA` `FreeLibrary` `GetCommandLineA` `GetFileAttributesA` `GetFileSize` `GetModuleHandleA` `GetProcAddress` `GetSystemDirectoryA` `LoadLibraryA` `LoadResource` `MapViewOfFile` `RtlMoveMemory` `SetEndOfFile` `SetEnvironmentVariableA` `SetFileAttributesA` `SetFilePointer` `SizeofResource` `UnmapViewOfFile`
shell32.dll	`ShellExecuteA`
gdi32.dll	`GetStockObject` `RoundRect` `SelectObject` `CreateFontIndirectA` `CreateSolidBrush` `ExtCreateRegion` `GetObjectA` `SetTextColor` `SetBkMode` `SetBkColor`
comctl32.dll	`InitCommonControls`
advapi32.dll	`RegCreateKeyExA` `RegQueryValueExA` `RegOpenKeyA` `RegCloseKey`
comdlg32.dll	`GetOpenFileNameA`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x668`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.33941`
MD5	`fbd524fad40c62e5ac404072dc779219`
SHA1	`759d9f09f3b5b151f6b67ce7a46eed811e5cf160`
SHA256	`b22d5452694dfac5c6b279decc6a89f25e2fdf6986433307cc9469e7988ba767`
SHA3	`12015310c3890928714956cb56dc4d4438321666ffc052a12255fc316f6c5d40`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.58143`
MD5	`54bba2768060448dbbd5272f9065e721`
SHA1	`5937ef634b2de99b48455a90b8fc740466288922`
SHA256	`2f51d9eaa08b1df85989d61e77b55f848344f36a6c8bbf7f5eec6d03dbf7f9d6`
SHA3	`506e7194bf1d6a67a0d80108f7a5f585ec5e6dd8f68f08db4533da0605308f2c`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x1e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.57904`
MD5	`e5225d04d40d4cb98530579bddc669d2`
SHA1	`d212b6c31de4c564018fa7186c60c1f35a716c48`
SHA256	`680bc757e3256dbac45a9ecee7ef2e7e3ace13162578db9b033903496c824410`
SHA3	`0244c60f7443b6c0afc01e5827780129c8ecde425b84781c061fd8afd441f37b`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.48604`
MD5	`5b909820eb70c615fedb117ab5b6b23c`
SHA1	`c891ec905c3f7fd2dd55a4df2b4579b2020c8352`
SHA256	`d1cebcf6fc9b78bddd31b26d2a62baf4d3da4c11c3978e7f594028ca90f792af`
SHA3	`8de0247059c5fbc9328712952d825bda8aba68412f6cb76b39c321a3324c7878`

5

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.85726`
MD5	`21b34764ba611bfbe3ac9bb5f02db9e0`
SHA1	`6119b8d9bf983fcaa7f89506a93432cb9f7714b9`
SHA256	`466ce5c911256eda75aaa6b165bf6fd906a7f21a179cf68c23a8a835688e9560`
SHA3	`f312b546623eb6e3777cd808ee2f32ba74336aa6bb37c9b4e1375a9575a4c071`

6

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.16669`
MD5	`40e4a07ea483b6475ea607c335872e52`
SHA1	`fd55e2a3e9dfb4af9d1d698b9492b1b007d8a226`
SHA256	`9d987ddac84492ed3c6a8e3bed5d87c6507725f3b085ef4d4d8647101620923c`
SHA3	`0c4536c9ed6e930d4e87add3702dbe7935238ca7573e02e5bc95cffa673c17a2`

7

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x6c8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.41911`
MD5	`83ef48c2b0a066026cb5dea3dc8f0043`
SHA1	`980583c565bb5acd61cd758c6211e5fa3b869643`
SHA256	`7b92243088a5d3372fa426b50716532cfa260637198ba7dd0fdbf8409742efe8`
SHA3	`0275e825eaa31dd5be07e0c0cfe8d3bc70c53da45e9ad5e9932ce38585bfb4ec`

8

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.18701`
MD5	`143e0e1c538f767f67b24ec00f13748a`
SHA1	`a5c7fb08681c3bea833dcaa24aa4a0fcb009979f`
SHA256	`f30720bff5d48bcf0c1cf9dafc1a6d1a4da8c91a63dc1094be0e307ff652c159`
SHA3	`d5fc681ff97145012acf885b82f2158230b67cbf069674ff1ad01a8f016d2e2f`

9

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x1ca8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.33777`
MD5	`557be2172fe94ba4327b50ca57cf0e34`
SHA1	`0add05287892ffb6a9977263442dbf6db15f5136`
SHA256	`00bfcb828b2496e3ef2f96880c8c15c8f251c423177337a3950e395b76a90ff3`
SHA3	`b314cc5816ee1d06f4076c3f0dcd63cde8750324460c1c3036565a2aa56cfe39`

10

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0xca8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.31212`
MD5	`7782cbaab333d8152f55ce2f5ffbe495`
SHA1	`f87ce6d8d5d25383ca552bb90f77b1ff6f01714e`
SHA256	`ea8c77e472484fefd796d16cd48442d867c8e71ab064b0082c14eae2bcfdcbf9`
SHA3	`de097c9a040e7e8105f642b282cd6330bd778f3fa7eb499762758cd8d995397e`

11

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x748`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.22924`
MD5	`45b3579295fccc66a60cf6978f2e665a`
SHA1	`fdd89c59e240371668c49bb18914113199bca8e2`
SHA256	`8c3a5ab35b8642158da970298ed61bbb4c35d6f55052cb13a554f1e2c0ebfced`
SHA3	`5c05aaf06612db6e3105e7723ea06ce65a65ba650e5ef8a7bf4dd72bf3e6d571`

12

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x368`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.08318`
MD5	`b62be5f5630306224d4c7238fe464714`
SHA1	`e3e1fc632bb06cd4c32499323424879c6725575a`
SHA256	`1a736804d7fcce068ccfb6a951f248611212ffc35b418e7e8bf4c04872bea5b5`
SHA3	`76a45846cfb88ee618a57d48ce57199e1021c4c6a8496d9263090f70b5797d23`

13

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x1ca8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.55508`
MD5	`2f4e8bc4c59db1826afd386b74e8db27`
SHA1	`d32321f703eb2b1082c008a6d4da133829ac8a59`
SHA256	`850f8102dba1cf996fd9457f7e8860d581f060b22bce640cf36c58f96cca5553`
SHA3	`8a3bee2d4c45d8125ecf7fb68a98be14387e97ffaa7dd898350238b810b2bdae`

14

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0xca8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.65716`
MD5	`f822b53826d9cf54e511101194bec52a`
SHA1	`6b155a9f79405099f019120d6b68863565a663a4`
SHA256	`399ea2e9120a0127e81153854f10bbfa465628c8f04b4a1f1f14f8af3135f944`
SHA3	`d86d2826721649832cc15ac3a2d803b236a3e815db879c3052c205d1d77525a0`

15

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x748`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.73513`
MD5	`3159222e0455746126b7d5cea3bd6b02`
SHA1	`fde0a0a2b12133f3044e6ad771bb88d0736cc912`
SHA256	`436fb625005d8c5b3eb2599a45696c0468b337ec27f6df23630ec63e0ec699f0`
SHA3	`4471ece6eff216b31f7e8d3034185d048f33c64574b6043c34eb58fb4cf4622d`

16

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x368`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.57157`
MD5	`17f83a03bf7b03599405116142fc51cb`
SHA1	`30596bac359b97eff4fa6c5d0bc48d0938d0e5e6`
SHA256	`303f1e8a7ca06c6bdb40b7f233fad8c13806074599518721d7dafeba9f155230`
SHA3	`4dd21c1918a756348d8ccf01322b7291a93161ab9be66713319c1dd63139e88b`

1 (#2)

Type	`RT_DIALOG`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x390`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.09204`
MD5	`171d3e45e400a8725d90039b0b761472`
SHA1	`ce4d28fd19228c024ef4bf7b68bd961be0edd151`
SHA256	`7b8a5282ac61253e24f49dabbb150d92f23f84b7e221f9faa01f702c7c2bdc02`
SHA3	`d1582f2c94389f7c60c7e86936113749412565e745b9eeeae1eac36d714713c7`

2 (#2)

Type	`RT_DIALOG`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0xb0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.77523`
MD5	`d512de6a80c2cc8b1eca4353c9140b97`
SHA1	`e1d9a38f7a2992a1d3c1b187ba02037f461d40be`
SHA256	`1912817a4346aaee7ae0a3671a69918e1efc0aa589b3da8a198b4a1a030e0897`
SHA3	`7b9a8d6160d232a8846b65e06a89af2ac92b36e92f8c3052025f293049f3c45b`

1 (#3)

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0xe0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.7301`
MD5	`38c6edeb8cbbb035b040470bd32e9fc8`
SHA1	`bbc8b8357af61debf80d6dcb13beaae37a436fbd`
SHA256	`7381d1c6468a9b80354ad125db10aa7f27114aac109cc02ee6df008f858326aa`
SHA3	`276ae45f097e2bd280871f3ec520c022938cb7c8c4338b59f8773c4eb82abb8f`

2 (#3)

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x80`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.2136`
MD5	`331da86231ea379dc0d9be4512766ab3`
SHA1	`65f9c923fd7a2a6342a5a0ddc5197aeffe613f2c`
SHA256	`14119e35aa3b68c7c48db709d9136421dec4be3dc26fd3c49e02f000bddefd30`
SHA3	`4aeee01e9819c47b5ffa7f7fb5355ea4dc4bfd5e0b559d6ba93175de4152a884`

500

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0xe6`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.08108`
Detected Filetype	Icon file
MD5	`70e8619fe33e982162db9a35513a6faf`
SHA1	`ef0bd7bc2e12ecbbcf9a58610d70afd2d9ab0444`
SHA256	`38d8c5ff11d4b9ea8f8051d3bad37b5196535eb3cd1f13275e674f8389b9e2b2`
SHA3	`4a676f6bf468a03802fb5fa19e66bbf1f528b1a1b552cb2c2654fdd78230ca10`

Version Info

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0xaf012b6f`
Unmarked objects	`0`
19 (8078)	`101`
18 (8444)	`9`
Resource objects (VS98 SP6 cvtres build 1736)	`1`

9019e33f6c223b99d7cdc626a46ee73d

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.rsrc

Imports

Delayed Imports

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

1 (#2)

2 (#2)

1 (#3)

2 (#3)

500

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors